Closed n0samu closed 1 year ago
@n0samu Thank you very much for providing all these details and the proposed solution!
@luislavena You're the owner of the domain - can you check this issue and do the changes?
Hello @n0samu, thank you for all the details! I took care of validating the domain and removing the obsolete DNS records. Seems these records were leftovers of the old website.
I've also validated the domain in GitHub, it should be good now.
Thank you again @n0samu and thank you @larskanis for the fast response!
❤️ ❤️ ❤️
@luislavena Great! Thank you very much for fixing this issue! The subdomain is no longer available, so it seems to have worked.
@n0samu I learned about the Ruffle project that way and convinced my web-co-workers that Flash is coming back! Thank you!
Happy to help! And I'm glad you all like Ruffle 😃
Hello, I am a contributor to the Ruffle project, and while remediating a compromise of an unused subdomain of our website, we found that your project's website had been compromised by the same threat actor. Below I will explain the details of the issue and how you can resolve it.
A subdomain of your project website has been compromised and is displaying a spam advertisement for an Indonesian gambling service. The compromised URL is "direct.rubyinstaller.org". The attack was possible because these three conditions were met:
Because your domain's DNS entry points to GitHub Pages, but you do not have verification set up, an attacker was able to claim your custom domain by simply creating a GitHub Pages repository and adding a CNAME file within it pointing to your domain. The GitHub Docs page I linked above explains it this way:
So there are two steps you should take immediately:
Once again, I found this issue with your site because we at the Ruffle project were facing the exact same compromise, and were able to take the steps above to resolve it. Let me know if I can be of any further assistance!
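A defender-side check for the condition this issue describes (DNS records that point at GitHub Pages while the domain is unverified), as an added example that is not part of the original post or either project's code: it audits a zone export offline. The zone contents, `example.org`, the `example-org` account and the one-record-per-line format are constructed assumptions; the `_github-pages-challenge-<account>` TXT name and the Pages addresses follow GitHub Docs.

```python
import ipaddress

# GitHub Pages apex addresses as listed in GitHub Docs.
PAGES_IPS = {ipaddress.ip_address(a) for a in (
    "185.199.108.153", "185.199.109.153", "185.199.110.153", "185.199.111.153",
    "2606:50c0:8000::153", "2606:50c0:8001::153",
    "2606:50c0:8002::153", "2606:50c0:8003::153")}

# Constructed sample zone export (not real data), one "name type value" per line.
SAMPLE_ZONE = """\
example.org.        A      185.199.108.153
www.example.org.    CNAME  example-org.github.io.
old.example.org.    CNAME  example-org.github.io.
*.example.org.      A      185.199.109.153
mail.example.org.   A      192.0.2.25
_github-pages-challenge-example-org.example.org. TXT "constructed-token"
"""

def parse_zone(text):
    """Yield (name, type, value), lower-cased, without trailing dots or quotes."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if line:
            name, rtype, value = line.split(None, 2)
            yield (name.rstrip(".").lower(), rtype.upper(),
                   value.strip('"').rstrip(".").lower())

def points_to_pages(rtype, value):
    """True when a record sends traffic to GitHub Pages."""
    if rtype in ("A", "AAAA"):
        return ipaddress.ip_address(value) in PAGES_IPS
    return rtype == "CNAME" and value.endswith(".github.io")

def audit(zone_text, apex, account, served_hosts):
    """Return (challenge TXT present?, [(name, status)]) for Pages-bound records."""
    records = list(parse_zone(zone_text))
    challenge = f"_github-pages-challenge-{account}.{apex}".lower()
    # The TXT record alone proves nothing: GitHub settings must show the domain as verified.
    has_txt = any(t == "TXT" and n == challenge for n, t, _ in records)
    findings = []
    for name, rtype, value in records:
        if points_to_pages(rtype, value):
            if name.startswith("*."):
                status = "wildcard"   # answers for every otherwise-undefined subdomain
            elif name in served_hosts:
                status = "in-use"     # a site we actually publish
            else:
                status = "dangling"   # nothing of ours behind it: remove the record
            findings.append((name, status))
    return has_txt, findings
```

Call `audit(SAMPLE_ZONE, "example.org", "example-org", {"example.org", "www.example.org"})` with the hosts you actually publish; anything reported as `dangling` or `wildcard` is a candidate for removal, and a missing challenge record means verification still has to be set up.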